Part 2 - Top Expert Security Predictions for 2012

Here is Part 2 of our top expert security predictions for 2012 compiled from M86, Websense, SecurEnvoy, CSO, SANS and others.

Mobile malware menaces users and organizations

In 2011, the most prolific cybercrime platforms, Zeus and SpyEye, developed malware for the Android platform in order to intercept the SMS-based security controls deployed by banks to protect their customers from banking Trojans. Android has become the most-targeted platform for malware, surpassing Symbian in the first half of 2011.

Third-party software exploits gain traction

Some third-party browser software, such as Java, Flash Player and Acrobat Reader, has a huge worldwide install base. Because numerous vulnerabilities in these products are found and often exploited, and because it is difficult for IT administrators to promptly update these products throughout their organizations, these software products have become an increasingly viable vector for attacks.

Exploit kits and malware reuse proliferate

Malware reuse is a growing phenomenon in the underground economy, and the Zeus family of malware is a great example. For the last few years, Zeus (a.k.a. Zbot) has been one of the preferred types of malware used by cybercriminals. Until May 2011, Zeus source code was sold only to private groups, while older compiled versions of the tool were available to anyone. Then the source code of the Zeus crimeware kit was leaked, and it is now publicly available on the Web.

Compromised websites serving malicious content accelerate

Social networking sites such as Facebook and LinkedIn are now being used by businesses to promote their organizations, generate leads and inform customers of special offers or important messages. Additionally, almost every self-aware organization has either started a blog or is in the process of starting one. Even though these blogs run on corporate Web servers, they often are not sufficiently protected against malicious attacks, which allows remote attackers such as botnet operators and traders to compromise the corporate Web server and turn it into a redirector to their malware.

Botnet disruption attempts short-lived

Botnets, vast armies of compromised machines around the globe, are the cybercriminals’ weapons of choice, and nothing suggests that this will change anytime soon. Whether it’s spam, data stealing, DDoS, or mass website hacks, botnets provide the horsepower and anonymity that cybercriminals need to perpetrate their crimes. Unless the operators are actually apprehended, botnet takedowns tend to have a short-term effect only. The Cutwail and Lethic botnets are classic examples. Despite being “disabled” multiple times, they are still spamming today.

Attacks on cloud services inevitable

Many people and organizations are moving to various cloud services to take advantage of convenience and attractive pricing. There are valid security concerns about moving sensitive data and critical systems to the cloud, including control of data, downtime due to an outage and lack of visibility. Despite excellent security practices employed by many cloud providers, the fact remains that these services are likely to be prime targets for cybercriminals.

Organizations will move from hardware to software-based tokens to authenticate users

“While you could say this isn’t really a prediction, as in truth the exodus to tokenless has already started, I’ll bravely put a figure against it and say 50 percent of all hardware tokens will be replaced with tokenless two-factor authentication by this time next year.” – Andy Kemshall, SecurEnvoy